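# vim: ft=yaml.ansible
---
# Deploys (or, when `stop` is truthy, removes) the linuxserver/wireguard
# container and prepares its host-side configuration directory.

- name: Create Wireguard volume directory
  ansible.builtin.file:
    name: "{{ services.wireguard.volume }}"
    # Quoted so the numeric UID is passed as a string, not an integer.
    owner: '911'
    # NOTE(review): this directory is bind-mounted at /config below, where the
    # image keeps its generated server and peer configuration, private keys
    # included. Group/other read+execute is wider than that content needs;
    # confirm the files inside are not world-readable, or tighten this mode.
    mode: u=rwx,g=rx,o=rx
    state: directory

- name: Deploy Wireguard Docker container
  community.docker.docker_container:
    name: wireguard
    # `stop` is an optional play variable: truthy removes the container,
    # anything else (or undefined) keeps it running.
    state: "{{ 'absent' if stop is defined and stop else 'started' }}"
    # Force a restart on every run unless the container is being removed.
    restart: "{{ stop is undefined or not stop }}"
    image: "linuxserver/wireguard:{{ services.wireguard.version }}"
    restart_policy: always
    # An empty default host IP leaves the bind address of published ports to
    # Docker, so the port is not restricted to one host interface.
    default_host_ip: ''
    networks:
      - name: pihole_wireguard
    env:
      SERVERURL: "{{ services.wireguard.domain }}"
      SERVERPORT: '51820'
      # NOTE(review): sourced from `secrets`, but environment values remain
      # readable through `docker inspect` to anyone with Docker access.
      PEERS: "{{ secrets.wireguard.peers }}"
      PEERDNS: "{{ services.pihole.docker_ipv4 }}"
      TZ: "{{ timezone }}"
    volumes:
      - "{{ services.wireguard.volume }}:/config:rw"
      # NOTE(review): a writable /lib/modules together with sys_module lets
      # the container load kernel modules into the host kernel. If the host
      # kernel already ships the wireguard module, check whether the pinned
      # image version still needs this mount writable (or at all).
      - /lib/modules:/lib/modules:rw
    published_ports:
      # Quoted so the host:container mapping is always read as a string.
      - '51820:51820/udp'
    capabilities:
      # net_admin: create and configure the WireGuard interface and routes.
      - net_admin
      # sys_module: load kernel modules; see the /lib/modules note above.
      - sys_module
    sysctls:
      # Presumably required by wg-quick's fwmark-based policy routing;
      # confirm against the image documentation.
      net.ipv4.conf.all.src_valid_mark: 1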